Strange operation of CORS policy. What could be wrong?

S

ShuffleBoy2021-04-20 22:44:25

JavaScript

ShuffleBoy, 2021-04-20 22:44:25

This is not a typical CORS question
. Hello!

In general, the following problem: when sending a request from the front to api (mine, all the necessary headers are set) with the correct data, no errors occur.

axios.post('http://localhost:8080/auth/login', {
  email: "[email protected]",
  password: "123456"
})

When sending a request with incorrect data

axios.post('http://localhost:8080/auth/login', {
  email: "[email protected]",
  password: "not correct password"
})

getting CORS error

Access to XMLHttpRequest at 'http://localhost:8080/auth/login' from origin 'http://test' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

It is worth clarifying that the responses to OPTIONS are always 200th (all non-200th errors are logged in any case). Response to POST - 401st

I have already read a bunch of documentation, made requests with withCredentials and, accordingly, also set tags for this on the server.

Answer to OPTIONS

Access-Control-Allow-Origin: http://test
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Credentials: true

// Status: 200

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Denis Yuriev, 2021-04-20
@ShuffleBoy

Obviously, with a 401 error, the Access-Control-Allow-Origin header does not arrive from the back (from the api).
And since only attempts at the front are painted, and about the back only allegedly "all the necessary headers are set", then there is no answer here.